Fight the Phish: How to Recognize and Respond to Phishing Attacks

How to combat email phishing scams in 2021: 

• Improve your skills in recognizing phishing
• Learn how to respond to phishing emails
• Discover how phishing simulation can help your organization be cyber smart

Be cyber smart and ensure your organization is ready to fight phishing.

This blog is part 2 of a 4-part series for National Cyber Security Awareness Month 2021. 

Last week, we covered the cyber security best practices to enhance your security in 2021.

Check out the week #1 NCSAM article for complete insight into:

• Cyber security hygiene
• Patch management
• Business email compromise
• Secure remote access
• Zero trust

This week’s focus of NCSAM is tips on how to combat phishing.

Are you confident in your organization’s ability to fight phishing? Email phishing scams remain a popular method of cyber attack in 2021, but do you know how to recognize and respond if a phishing scam ends up in your inbox?

According to Proofpoint’s State of the Phish Report, 74% of organizations in the U.S. experienced a successful phishing attack in 2021. 

According to the Internet Crime Complaint Center (IC3) 2020 Internet Crime Report, the IC3 received 241,342 complaints of email phishing scams with adjusted losses totaling an excess of $54 million.

At Proven Data, we are passionate about helping you improve your organization’s cyber security posture and #GetCyberSerious. Don’t end up as the next statistic. Let our security experts help you become one of the thousands of clients with our proven cyber protection.

As a champion of National Cyber Security Awareness Month (NCSAM), during the month of October, we are providing insight on how you can #BeCyberSmart and fight phishing in 2021. 

In this blog, you will:

• Learn how to spot email phishing scams
• Understand the do’s and don’ts of how to respond to phishing emails
• Discover how phishing simulation testing can proactively prepare your organization to combat email scams

Recognizing email phishing scams

Phishing scams aren’t new, but techniques have become increasingly sophisticated in recent years. Unfortunately, the COVID-19 pandemic provided an opportunity for cyber criminals to capitalize on global fear and uncertainty to carry out COVID-related phishing scams. 

Now more than ever, it is critical to remain diligent about email security. Knowing what to look for is the first step to combating phishing attacks.

According to the National Cyber Security Alliance, the red flags listed below are some of the main indicators that an email may be a scam:

• Awkward and unusual formatting
• Overly explicit requests to click a link or open an attachment
• Subject lines that convey urgency 

According to the Federal Trade Commission (FTC), the messaging of email phishing scams may:

• Contend that suspicious activity or log-in attempts have occurred on your account
• Claim there is a problem with your account or your payment information
• Tell you to confirm personal information
• Encourage you should view a fake invoice
• Instruct you to click on a link to make a payment
• Tell you that you’re eligible for a government refund
• Offer a coupon for free items

Utilizing a free service like Virus Total can help you identify Phishing Emails. In the example above, the URL was scanned and the result indicated that it was indeed a phishing email as depicted below. 

How to respond to email phishing scam attempt

If you notice an email contains one or more of the red flags listed above, follow the do’s and don’ts of responding to email phishing scams:

Do:

• Verify the sender – look up the company’s who allegedly sent the email and contact them (without using the contact info provided in the suspicious email) to verify the request is legitimate. If possible, verify any payment and purchase requests face to face. Additionally, verify any account number or payment procedures with the person making the request.
• Check for inconsistencies or errors – compare the email address, URL, or spelling used in previous correspondence to see if it differs from the email you suspect is fraud. Grammatical or spelling errors are prevalent in email phishing scams,
• Beware of emails that demand immediate action – if the requester uses language that indicates a time limit or urges you to respond rapidly, this may indicate a scam.

Do not:

• Do not click any links in the email – clicking on a malicious link can install malware, spyware, or ransomware on your device. 
• Do not download attachments included in the email – malicious attachments in phishing emails contain malware, which will infect your device when downloaded. According to the 2021 Ransomware Victims Report by Cloudian, 24% of ransomware attacks began from a phishing email. 
• Do not unintentionally reveal personal information – sharing information online such as names of your pets, schools you attended, family members names, etc. can provide cyber criminals with ideas of your password or security questions.

How to report phishing

If you received a phishing email, reporting it to authorities can provide valuable information to combat phishing scammers.

According to the FTC, follow the two steps listed below if you are a victim of a phishing attack:

Step 1: If you got a phishing email, forward it to the Anti-Phishing Working Group at [email protected]. 

Step 2. Report the phishing attack to the FTC at ReportFraud.ftc.gov.

How phishing simulation can prepare your organization to combat phishing

Phishing simulation is an interactive way to engage your organization members in email phishing scam awareness and preparedness activities and gauge staff responses to suspicious emails.

A phishing simulation test is a safe way to assess and train your organization in real-to-life situations. During a phishing simulation test, users will receive fake phishing emails that are made to appear genuine. 

The goal is for the user to pass the simulation test successfully by reporting the email as a phishing scam.

After the simulation is complete, you will be provided with a report that indicates the following results:

• Number of emails opened during the simulation
• Number of users who clicked links included in the email 
• Number of users who opened the attached file 
• Number of users who reported the test email 

Next steps to improving your email security

Now that you understand the basics of recognizing, responding, and reporting email phishing scams, what are the next steps to improving your cyber security posture?

A phishing simulation test is a great first step to find out where your organization stands on phishing awareness. Don’t feel comfortable trusting your cyber security to potential human error? Look into the cost of cyber security services like email protection. Email protection services use a third party to filter emails before they are received. These services can catch sophisticated email compromise attempts that could be missed even by a well-trained eye.

Consulting with a cyber security professional can help you find the cyber security products and services applicable and affordable for you. 

At Proven Data, we’re passionate about helping you find the proactive cyber solutions you need. 

We even created Operation Cyber Aware with Fmr. FBI Special Agent Patrick Gray of the Computer Crimes Squad to encourage people to #GetCyberSerious. 

Protecting your organization from cyber crime starts with you, be cyber smart and discover the security options that can set you on the path to cyber security success.

Want to learn more about cyber security solutions?

Talk to a cyber security expert today!

Request a cyber security consultation